Subject: The case against X.500 directories
From the IETF-PKIX list:

I would like to add a few things to what Phillip Hallam-Baker of VeriSign wrote about directories as an obstacle to PKI deployment.

Many PKI experts are involved in huge public-sector-driven projects that are based on establishing directory interoperability between organizations. At first sight this looks like a great idea, but digging a bit further, you soon note that this is not a universal solution but rather a dead end.

Directory problem issues

1. Technical. Unifying schemas + firewall issues
2. Internal information (including employment) is generally not public
3. The level of openness depends on who is asking
4. Directories represent just one way to organize data

But there is no reason to despair, as there are work-arounds that properly address all these issues:

Using authentication systems like OASIS' SAML, organizations can (through their employees) authenticate to each other's intranets and through this get access to exactly the information they should have, and in a format that makes sense. The latter may be a directory tree, a PDF file, a database listing, an HTML form, etc.

Unlike directory systems, SAML allows secure access to any kind of active or passive information source, including purchasing and work-flow systems, all using the truly universal Internet browser interface.

For machine-to-machine (=automated) access to external information, specialized Web Services seem to be a much more extensible route than directories, as the former introduce no restrictions on data.

Anders Rundgren
Independent consultant PKI and secure e-business